Most businesses are aware that a spam filter and antivirus program are not all they need to protect themselves from the constantly evolving landscape of cybersecurity threats. Knowing just what a broad security stance entails, however, is far less obvious. Comprehensive web security includes a full suite of tools to protect against malware infections, data breaches, and service disruptions. It covers the server, network, and email system. It includes advanced technologies like a web application firewall and involves proactive steps like vulnerability scanning.
But what do you do when something goes wrong? A click on the wrong email that leads to malware or a plug-in vulnerability that leads to a hacked web page means that preventative measures are not enough in that particular case. To minimise the damage caused by a security breach, a proactive web security stance has to be adopted ahead of time, including services and tools for mitigation and a disaster recovery plan.
A significant but often overlooked part of comprehensive cybersecurity protection is a remediation service. The middle of a cybersecurity incident is no time to go looking for an effective malware removal tool, for instance.
Organisational preparation is another essential part of a complete, proactive cybersecurity posture. That means having the right tools but also maintaining a minimum threshold of threat awareness. To assist with that awareness, consider the list below of the top five most common web security problems businesses face and how to fix them.
Common Security Issues On The Internet
Although the Internet has brought many benefits, it also creates significant potential for security threats. Below are some common Internet security issues.
Computer Viruses
We’ve all heard about them, and we all have our fears. For everyday Internet users, computer viruses are one of the most common network threats in cybersecurity. Statistics show that approximately 33% of household computers are affected by malware, more than half of which are viruses.
Computer viruses are pieces of software that are designed to be spread from one computer to another. They’re often sent as email attachments or downloaded from specific websites with the intent to infect your computer — and other computers on your contact list — by using systems on your network. Viruses are known to send spam, disable your security settings, corrupt and steal data from your computer, including personal information such as passwords, even going as far as to delete everything on your hard drive.
Rogue Security Software
Leveraging the fear of computer viruses, scammers have found a new way to commit Internet fraud.
Rogue security software is malicious software that misleads users into believing they have network security issues, most commonly that a computer virus is installed on their computer or that their security measures are not up to date. It then offers to install or update the user’s security software, either asking you to download a program to remove the alleged viruses or to pay for a tool. In both cases, actual malware ends up installed on your computer.
Trojan Horse
Metaphorically, a “Trojan horse” refers to tricking someone into inviting an attacker into a securely protected area. In computing, it holds a very similar meaning — a Trojan horse, or “Trojan,” is a malicious bit of attacking code or software that tricks users into running it willingly by hiding behind a legitimate program.
They often spread by email; one may appear as an email from someone you know, and when you open the email and its attachment, you have immediately downloaded malware to your computer. Trojans also spread when you click on a fake advertisement.
Once inside your computer, a Trojan horse can record your passwords by logging keystrokes, hijack your webcam, and steal any sensitive data you may have on your computer.
Adware And Spyware
By “adware” we mean any software designed to track data about your browsing habits and, based on that, show you advertisements and pop-ups. Adware collects data with your consent — and is even a legitimate source of income for companies that allow users to try their software for free, with advertisements shown while using the software. The adware clause is often hidden in the related User Agreement documents, but it can be found by carefully reading anything you accept while installing software. The presence of adware on your computer is noticeable mainly through those pop-ups, and sometimes it can slow down your computer’s processor and internet connection speed.
When the adware is downloaded without consent, it is considered malicious.
Spyware works similarly to adware but is installed on your computer without your knowledge. It can contain keyloggers that record personal information, including email addresses, passwords, even credit card numbers, making it dangerous because of the high risk of identity theft.
Computer Worms
Computer worms are pieces of malware that replicate quickly and spread from one computer to another. A worm spreads from an infected computer by sending itself to all of the computer’s contacts, then immediately to the connections of those other computers.
Interestingly, they are not always designed to cause harm; some worms are made just to spread. Worms also often propagate by exploiting software vulnerabilities. While we don’t hear about them much today, computer worms are among the most common computer network threats.
DoS And DDoS Attack
Have you ever found yourself waiting impatiently for the online release of a product, one that you’re eagerly waiting to purchase? You keep refreshing the page, waiting for that moment when the product will go live. Then, as you press F5 for the last time, the page shows an error: “Service Unavailable.” The server must be overloaded!
There are cases where a website’s server gets overloaded with legitimate traffic and crashes, for instance when a news story breaks. More commonly, though, this is what happens to a website during a denial-of-service (DoS) attack: a malicious traffic overload in which attackers flood the website with requests. When a website receives too much traffic, it is unable to serve its content to visitors.
A DoS attack is launched from a single machine and its internet connection, flooding a website with packets so that legitimate users cannot access its content. Fortunately, a single server or PC can no longer overload a server on its own; in recent years single-source DoS has been uncommon and, where it does occur, relies on flaws in the protocol.
A DDoS attack, or distributed denial-of-service attack, is similar to DoS but is more forceful. It’s harder to overcome a DDoS attack. It’s launched from several computers, and the number of computers involved can range from just a couple of them to thousands or even more.
Since those machines are unlikely all to belong to the attacker, they are compromised and added to the attacker’s network by malware. These computers can be distributed around the entire globe, and that network of compromised computers is called a botnet.
Since the attack comes from so many different IP addresses simultaneously, a DDoS attack is much more difficult for the victim to locate and defend against.
Phishing
Phishing is a social engineering method for obtaining sensitive data such as passwords, usernames and credit card numbers.
The attacks often come in the form of instant messages or phishing emails designed to appear legitimate. The recipient is tricked into opening a malicious link, which leads to the installation of malware on their computer. Attackers can also obtain personal information by sending an email that appears to come from a bank, asking you to verify your identity by handing over private details.
Uncovering phishing domains can be done quickly with SecurityTrails.
Rootkit
A rootkit is a collection of software tools that enables remote control and administration-level access over a computer or computer network. Once remote access is obtained, the rootkit can perform many malicious actions; rootkits often come equipped with keyloggers, password stealers and antivirus disablers.
Rootkits are installed by hiding in legitimate software: when you permit that software to make changes to your OS, the rootkit installs itself in your computer and waits for the hacker to activate it. Other ways of rootkit distribution include phishing emails, malicious links, files, and downloading software from suspicious websites.
SQL Injection Attack
We know today that many servers storing data for websites use SQL. As technology has progressed, network security threats have advanced, leading us to the danger of SQL injection attacks.
SQL injection attacks target data-driven applications by exploiting security vulnerabilities in the application’s software. They use malicious code to obtain private data, change or even destroy that data, and can go as far as voiding transactions on websites. SQL injection has quickly become one of the most challenging threats to data confidentiality. You can read more on the history of SQL injection attacks to better understand the threat it poses to cybersecurity.
Man-In-The-Middle Attacks
Man-in-the-middle attacks are cybersecurity attacks that allow the attacker to eavesdrop on the communication between two targets. The attacker can listen to communication which should, in everyday settings, be private.
As an example, a man-in-the-middle attack happens when the attacker wants to intercept communication between person A and person B. Person A sends their public key to person B, but the attacker intercepts it and forwards a forged message to person B, posing as A, that contains the attacker’s public key instead. B believes the message comes from person A, encrypts their reply with the attacker’s public key and sends it back to A. The attacker again intercepts this message, decrypts it with their own private key, possibly alters it, and re-encrypts it using the public key originally provided by person A. When the message reaches person A, they believe it comes from person B, and so there is an attacker in the middle eavesdropping on the communication between the two targets.
Here are just some of the types of MITM attacks:
- DNS spoofing
- HTTPS spoofing
- IP spoofing
- ARP spoofing
- SSL hijacking
- Wi-Fi hacking
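The A/B key-substitution exchange described above, replayed in Python as an added example that is not part of the original article. It uses a toy RSA built from tiny primes (an assumption for illustration only, not real cryptography) and shows the mitigation: B compares the fingerprint of the received key with A's real fingerprint obtained out of band and rejects the substituted key.

```python
import hashlib

def keygen(p, q, e=17):
    """Toy RSA keypair from two small primes: demonstrates the mechanism only,
    it is NOT secure. Returns (public_key, private_key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                # modular inverse, Python 3.8+
    return (e, n), (d, n)

def encrypt(pub, m):
    e, n = pub
    return pow(m, e, n)

def decrypt(priv, c):
    d, n = priv
    return pow(c, d, n)

def fingerprint(pub):
    """Short hash of a public key: the kind of value two people can compare
    over a separate channel (phone call, in person) before trusting a key."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def run_exchange(verify_fingerprint):
    """Replay the article's A/B exchange with an attacker on the wire and
    return what each party ends up with."""
    a_pub, a_priv = keygen(61, 53)     # person A's keypair (constructed)
    m_pub, m_priv = keygen(67, 71)     # the attacker's keypair (constructed)
    b_secret = 42                      # B's reply, as a small integer

    # Step 1: A sends a_pub to B, but the attacker intercepts it and forwards
    # their own key instead, posing as A.
    key_b_receives = m_pub

    # Mitigation: B checks the received key's fingerprint against A's real
    # fingerprint learned out of band. A substituted key fails the check.
    if verify_fingerprint and fingerprint(key_b_receives) != fingerprint(a_pub):
        return {"detected": True}

    # Step 2: B encrypts with what B believes is A's key (really the attacker's).
    c_from_b = encrypt(key_b_receives, b_secret)

    # Step 3: the attacker decrypts with their private key, reads the reply,
    # alters it, and re-encrypts it with the key A originally sent.
    leaked = decrypt(m_priv, c_from_b)
    c_to_a = encrypt(a_pub, leaked + 1)

    # Step 4: A decrypts and trusts the result as B's reply.
    a_receives = decrypt(a_priv, c_to_a)
    return {"detected": False, "b_sent": b_secret, "leaked": leaked,
            "a_receives": a_receives}

if __name__ == "__main__":
    print("no fingerprint check:", run_exchange(False))
    print("with fingerprint check:", run_exchange(True))
```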
Open Wireless Networks
Wireless networks are one of the most common ways businesses allow their employees to get online. With one main Internet line and a couple of wireless routers, you can theoretically have the whole office online. This method of connecting does save money, but there is an inherent security risk with this, and that is an unsecured network.
Contrary to popular belief, simply plugging in a wireless router and creating a basic network does not mean you are secure. If you don’t set a password on your routers, then anyone within range can connect. Hackers and criminal organisations are known to look for and then target these networks. With relatively simple tools and know-how, they can start capturing data that goes in and out of the network and even attack the network and the computers attached to it. In other words, unprotected networks are open invitations to hackers.
Therefore, you should take steps to ensure that all wireless networks in the office are secured with passwords that are not easy to guess. For example, many Internet Service Providers who install hardware when setting up networks will often use the company’s main phone number as the password to the router. This is too easy to work out, so changing to a password that is a lot more difficult to guess makes sense.
Email Is Not Secure
Admittedly, most companies that have implemented a new email system in the past couple of years will likely be reasonably secure. This is especially true if they use cloud-based options or well-known email systems like Exchange, which offer enhanced security and scanning while using modern email transmission methods.
The businesses at risk are those using older systems like POP or systems that don’t encrypt passwords (so-called ‘clear’ or cleartext passwords). If your system doesn’t encrypt information like this, anyone with the right tools and a bit of knowledge can capture login information and potentially compromise your systems and data.
If you are using older email systems, it is advisable to upgrade to newer ones, especially if they don’t encrypt important information.
Mobile Devices That Aren’t Secure Enough
Mobile devices, like tablets and smartphones, are being used more than ever before in business and offer a great way to stay connected and productive while out of the office. The issue with this, however, is that if you use your tablet or phone to connect to office systems and don’t have security measures in place, you could find networks compromised.
For example, if you have linked your work email to your tablet but don’t have a screen lock enabled and you lose your device, anyone who picks it up will have access to your email and potentially sensitive information.
The same goes if you accidentally install a fake app with malware on it. You could find your systems infected. Therefore, you should take steps to ensure that your device is locked with at least a passcode and you have antivirus and malware scanners installed and running regularly.
Anti-virus Scanners That Aren’t Maintained
These days, it is essential that you have anti-virus, malware, and spyware scanners installed on all machines and devices in your company and that you take the time to configure them properly. Common mistakes are scheduling scans during business hours or simply not keeping the scanners updated. If you install these solutions onto your systems and they start to scan during work time, most employees will turn the scanner off, leaving systems wide open.
The same goes for not ensuring that these systems are updated. Updates are essential for scanners because they bring new virus databases containing newly discovered malware and viruses, allowing the scanner to detect and fix them.
Therefore, scanners need to be correctly installed and maintained if they are to stand any chance of keeping systems secure.
Lack Of Firewalls
A firewall is a network security tool configured to block specific network access, preventing data from leaving the network or being accessed from outside it. A properly configured firewall is necessary for network security, and while many modems include one, it is often not robust enough for business use.
What you need instead is a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner like us for them to be most effective.
Most Common Security Issues And How To Fix Them
Code Injection
Hackers are sometimes able to exploit vulnerabilities in applications to insert malicious code. Often the vulnerability is in a user text input field, such as a username field, where an SQL statement is entered and runs on the database, in what is known as an SQL injection attack. Other code injection attacks include shell injection, operating system command attacks, script injection, and dynamic evaluation attacks.
Attacks of this type can lead to stolen credentials, destroyed data, or even loss of control over the server. They are also surprisingly common: the OWASP (Open Web Application Security Project) Foundation ranks injection first in its Top 10 Application Security Risks.
There are two ways to prevent code injection: avoiding vulnerable code and filtering input. Applications can avoid vulnerable code by keeping data separate from commands and queries, for example by using a safe API with parameterised queries. Businesses should also validate input and observe the principle of least privilege, applying controls such as the SQL LIMIT clause to reduce the damage from a successful attack. A Web Application Firewall (WAF) that updates its threat database in real time is the only effective way to filter application input to protect against code injection.
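The username lookup just described, as an added example (not code from the original article): a string-concatenated query that an injected input turns into a tautology, beside its hardened form using a parameterised query, a LIMIT cap, and input validation. The SQLite database and the two sample users are constructed inline for the demonstration.

```python
import re
import sqlite3

# Constructed sample data, not from any real system.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

def make_db():
    """Create an in-memory SQLite database holding the two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn

def lookup_vulnerable(conn, username):
    """Vulnerable: the input is glued into the SQL text, so the database
    cannot tell user data apart from the command itself."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, username, limit=1):
    """Hardened: a parameterised query keeps data separate from the command
    (the driver binds the value, the database never parses it as SQL), and
    LIMIT caps how many rows a single lookup can ever disclose."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ? LIMIT ?",
        (username, limit),
    ).fetchall()

# Input validation as a second layer: accept only a conservative character set.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")

def validate_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def demo():
    """Run both lookups against a normal username and a textbook injection string."""
    conn = make_db()
    injection = "' OR '1'='1"   # turns the WHERE clause into a tautology
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "injected_vulnerable": lookup_vulnerable(conn, injection),  # leaks every row
        "injected_safe": lookup_safe(conn, injection),              # no such username
        "injected_validates": validate_username(injection),        # rejected up front
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```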
Data Breach
The cost of data breaches is well documented. They are often caused by compromised credentials, but other common causes include software misconfiguration, lost hardware, and malware (see the malware sections above). The Breach Level Index indicates 944 known data breaches in the first half of 2018 and nearly 2,000 in 2017.
Data breach prevention requires a range of good practices. Site traffic and transactions should be encrypted with SSL/TLS, permissions should be carefully set for each group of users, and servers should be scanned. Employees should be trained to avoid being caught by phishing attacks and to practise good password hygiene. The principle of least privilege is worth noting here as well.
If your business discovers a potential data breach, you may face legal or compliance requirements for notifying customers or regulatory authorities. Disclosure requirements and strategies should be determined ahead of time so that the maximum amount of organisational resources can be dedicated to making sure that no more data is stolen and repairing the damage caused. Once the attack vector has been blocked, a comprehensive incident investigation should be conducted, and the network scanned to ensure all vulnerabilities have been identified and closed off.
How Do I Ensure Proper Business Security?
The best way a business can ensure that its systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures and that the systems are set up and managed properly. Tech peace of mind means the focus can be on creating a successful company instead.